Accessing personal information under the Freedom of Information and Protection of Privacy Act of British Columbia.

(1)

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

OF BRITISH COLUMBIA

by

Carol Elliott

B.S.W., University of Victoria, 1987

B.A., University of Victoria, 1988

A Thesis Submitted in Partial Fulfillment

of the Requirements for the Degree of

MASTER OF ARTS

In the Studies in Policy and Practice Program

Faculty of Human and Social Development

 Carol Elliott, 2008

University of Victoria

All rights reserved. This thesis may not be reproduced in whole or in part, by photocopy

or other means, without the permission of the author.

(2)

ii

Supervisory Committee

ACCESSING PERSONAL INFORMATION UNDER THE

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

OF BRITISH COLUMBIA

by

Carol Elliott

B.S.W., University of Victoria, 1987

B.A., University of Victoria, 1988

Supervisory Committee

Dr. Patricia MacKenzie (School of Social Work, Faculty of Human and Social Development ) Supervisor

Dr. Reg Whitaker (Department of Political Science, Faculty of Social Sciences) Outside Member

(3)

iii

Abstract

Supervisory Committee

Dr. Patricia MacKenzie (School of Social Work, Faculty of Human and Social Development ) Supervisor

Dr. Reg Whitaker (Department of Political Science, Faculty of Social Sciences) Outside Member

Rapid advances in information technology have led to a considerable body of scholarly research focused on the evolution of the “surveillance society.” This term is used by the author to refer to governments’ increasing ability to monitor and control the actions of citizens as well as their own operations. An associated area that is rarely examined in scholarly research is the process by which citizens access their own personal information from public bodies and the barriers that they encounter when attempting to do so. It is this area which will be the focus of this thesis.

The thesis is based upon a descriptive study that involved a systematic investigation of how the political and governmental context influences the process of accessing personal information under the Freedom of Information and Protection of Privacy Act of British Columbia. The goal of the research is to examine factors that encourage and limit individual citizens’ ability to access their own personal information. The thesis explores issues and circumstances that lead applicants to appeal decisions, factors that facilitate and impede access, and the impacts of the request process on applicants. Recommendations for changes that may improve access as well as enhance government transparency and accountability are proposed. I approach the research from the perspective that open and accountable government is necessary in democratic society, and that, through increased public awareness and avenues for input, changes can be made which improve access to personal information and government accountability.

The research involved a content analysis of fifty-three orders by the Information and Privacy Commissioner of British Columbia and his staff. The content analysis of these documents is supplemented by statistical analysis and personal reflection. The thesis relies on concepts and theory proposed by Max Weber and Anthony Giddens to provide a viable framework for understanding both the structure and culture of government, particularly how the access to information process reflects the control and flow of information within the bureaucracy. The research confirms that barriers to access do exist and they are not in the places that one

(4)

iv

might expect to find them. Recommendations concerning amendments to the legislation and improvements to the processing of requests and the appeal process are suggested. However, the most crucial change necessary is for the Office of the Information and Privacy Commissioner, despite fiscal restraints, to engage in greater transparency concerning its own activities and for the role of the Commissioner to focus more on public education and advocacy, such as support for community programs that would offer free legal assistance and information concerning the public’s rights under the Act, including guidance concerning how to make a request and pursue a complaint or appeal.

(5)

v

List of Tables

Table 1 Features of Positivism and Phenomenology that are 80 Relevant to this Study

Table 2 Requests for General and Personal Information for 88 Three Selected Ministries for the Year 2000

Table 3 Dispositions for Requests for Review Closed by the Office 98 of the Information and Privacy Commissioner for

April 1, 1999 to March 31, 2004 as per Selected Grounds

(10)

x

List of Figures

Appendix A The Access Process 194

Appendix B Information Requirements Related to the 197

Access to Information Process Appendix C Features of the Legislation 198

Appendix D Comparison of Requests for Review for Selected Public Bodies: 208

1999-2003 Appendix E Comparison of Orders for Selected Public Bodies: 1999-2003 209

Appendix F Summary of Information Applicant has Requested 210

Appendix G Coding Sheets 215

Appendix H Grounds for Review, Exceptions Examined and Applied, 255

and Date of Receipt and Response to Requests Appendix I Decisions Upheld, Overturned and Split 1999-2003 271

Appendix J Total Grounds for Review for Five Public Bodies 1999-2003 272

Appendix K Partial Access for Five Public Bodies 1999-2003 273

Appendix L Deemed Refusal for Five Public Bodies 1999-2003 274

Appendix M Denied Access for Five Public Bodies 1999-2003 275

Appendix N Adequacy of Search for Five Public Bodies 1999-2003 276

Appendix O Duty to Assist for Five Public Bodies 1999-2003 277

Appendix P Grounds for Review as per Order Type 278

Appendix Q Grounds for Review per Category of Public Body 279

Appendix R Decision of Commissioner per Order Type 280

Appendix S Decision of Commissioner per Category of Public Body 281

Appendix T Sections 3(1) and 6(1): Whether the public body 282

met its responsibilities Appendix U Section 6: Appropriately Applied 283

Appendix V Discretionary Sections 284

Appendix W Mandatory Exceptions: 22(1), 22(3), and 22(5) 285

Appendix X Mandatory Exceptions: 22(2) and 22(4) 286

Appendix Y Late Requests per Order Type 287

Appendix Z Response Time per Public Body 288

Appendix AA Late Requests and Duty to Assist per Category of Public Body 289

Appendix BB Requests with the Most Problems with Severing 290

Appendix CC Problem Requests: Grounds for Review per Order Type 296

Appendix DD Problem Requests: Grounds for Review per Public Body 297

Appendix EE Problem Requests: Commissioner’s Decisions Related to Grounds 298

for Review Appendix FF Problem Requests: Commissioner’s Decisions as per Category of 299

Public Body Appendix GG Problem Requests: Response Time per Order Type 300

Appendix HH Problem Requests: Response Time per Category of Public Body 301

Appendix II Orders with the Least Number of Sections Applied 302

Appendix JJ Least Exceptions Applied: Response Time per Category of 303

Public Body Appendix KK Least Exceptions Applied: Response Time per Order Type 304

(11)

xi

Acknowledgments

I would like to thank Dr. Patricia MacKenzie for her guidance and encouragement throughout the research process. Dr. MacKenzie took on the supervisory role despite her academic and administrative commitments, for which I will forever be grateful.

I would also like to thank Dr. Reg Whitaker, who kindly offered his learned counsel on the theory used and the substantive issues under consideration. As an internationally renowned expert on privacy and surveillance, Dr. Whitaker’s willingness to be part of the committee and to provide comments on drafts of the thesis are much appreciated and invaluable.

My largest debt of gratitude is to Eric Clemens, Adjunct Professor, School of Public Administration. Professor Clemens helped me through numerous trials and tribulations as a graduate student and offered many insightful and fruitful ideas regarding the research. I sincerely thank you for your assistance over the past six years.

I would also like to extend my appreciation to the external reviewer, Murray Rankin. It is truly an honour and a privilege for the research to be read and approved by a champion and one of the original drafters of the Freedom of Information and Protection of Privacy Act.

Last, I would like to recognize the support of Dr. Alasdair Roberts, Suffolk University Law School, and Darrell Evans, Executive Director, British Columbia Freedom of Information and Privacy Association. Their wealth of knowledge concerning the topic in question and suggestions for the methodology were instrumental in my choosing to conduct and continue with the research. Without the purveyors of truth mentioned above our world would suffer from a greater

accountability deficit than it does already. Their words of wisdom concerning the research provided me with much inspiration and increased my resolve to be “part of the solution.” Where the Mind is Without Fear

Where the mind is without fear and the head is held high Where knowledge is free

Where the world has not been broken up into fragments By narrow domestic walls

Where words come out from the depth of truth

Where tireless striving stretches its arms towards perfection Where the clear stream of reason has not lost its way Into the dreary desert sand of dead habit

Where the mind is led forward by thee Into ever-widening thought and action

Into that heaven of freedom, my Father, let my country awake.

(12)

CHAPTER I: INTRODUCTION

Introduction

Traditionally, the main roles of government are as the maker of laws and the provider of service delivery (Kernaghan & Siegel, 1995). Government is also the chief repository of

information. However, the role and function of government is drastically changing as we enter the twenty-first century. Amidst a global neo-liberal economic climate, more and more countries are embracing democratic principles while at the same adopting private sector practices. As a result, governments are becoming the brokers rather than providers of information and services through such practices as downsizing, devolution and contracting out of service delivery (Kernaghan & Siegel, 1995).

Due to advances in information technology governments are able to collect, store and disseminate information more quickly and widely than ever before. Ironically, through the adoption of information management systems and highly controlled corporate communications (Roberts, 1999b; Roberts, 2004c), governments are increasing their capacity to monitor and restrict the amount of information available to the public concerning their decision making as well as reducing the number of people to which they provide services. The effect is to drastically limit the ability of citizens to scrutinize government actions and participate in government decision making and policy making.

A key premise of this study is that open and accountable government is necessary in democratic society, and that, through increased public awareness and avenues for input, changes can be made which improve access to personal information and government accountability. Access to

information is considered a cornerstone of democratic government (Lor & van As, 2002; Vaughn, 2000) and is enshrined in the United Nations’ Universal Declaration of Human Rights (1948): Article 19: Everyone has the right to freedom of opinion and expression; this right

includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

(13)

2

Purpose of Study

The objective of the research is to examine the process of accessing personal information under the Freedom of Information and Protection of Privacy Act of British Columbia as detailed in cases appealed to the Office of the Information and Privacy Commissioner (OIPC). The research examines issues and circumstances that lead applicants to appeal decisions, factors which facilitate and impede access, impacts (intended and unintended) of the request process on applicants, and recommend changes that may improve access as well as enhance government transparency and accountability. By the latter terms, I mean openness to public scrutiny and public evaluation of its performance of its legislated responsibilities, respectively.

The research question has been developed from my own experiences as an information and privacy analyst with the Provincial government from 1996 to 2002. I am concerned that the voices and experiences of applicants have in the past, currently and will in the future be excluded from the development of policy and procedures concerning the processing of requests. From the information gathered, I hope to develop recommendations which can be used to improve the access process, as well as foster greater government accountability and transparency of practices.

Research Question

Specifically, the research question is: what encourages and what limits individual citizens’ ability to access their own personal information?

Four sub-questions will guide my research:

1. What capacities and actions (and lack thereof) of applicants facilitate and encourage, as well as limit and hinder, their ability to access their personal information, and why and how does this occur?;

2. What capacities and actions of (and lack thereof) of government facilitate and encourage, as well as limit and hinder, individuals’ access to their personal information, and why and how does this occur?;

3. What are some of the impacts (intended and untended) on applicants? and

4. What are some ways to increase individuals’ ability to access their personal information and “build in” additional supports?

(14)

3

Background of Study

Lessons Learned in Government1

As a former information and privacy analyst, I have first-hand knowledge and experience of how the provincial government fulfills its responsibilities for requests made under FOIPPA. By my calculations, I have processed over four hundred requests, the vast majority for personal information.

In my experience, individuals who seek their personal information under the legislation (and sometimes those individuals who seek information about others) often do not know what

information the government holds about them, where it is held, and to whom to make the request. Applicants are often in crisis or stressful situations, as for example, in child custody disputes, in compensation claims for abuse as a child, in appeals of welfare benefits, and on probation or incarcerated. Applicants experience great frustration with the process, particularly when the response is delayed (as it frequently is) over the thirty working days legislated time limit, and when the government denies access to or partially withholds the requested information. Rarely do applicants complain to the Information and Privacy Commissioner, who has responsibility for the implementation and oversight of the legislation.

As part of their job duties, information and privacy analysts are legally required to contact the applicant under few sets of circumstances, as for example, if the wording of the request is unclear, or if additional information must be sought in order to process the request. They are also encouraged to close files as quickly as possible. While analysts are required to take steps to increase the chance of applicants obtaining the information requested, there is no legal obligation for an analyst to work with the applicant to produce a response to his/her request that involves the disclosure of information.

The Applicants’ Voices are Unheard

Applicants and public bodies alike have expressed concern regarding the request process (OIPC, 2002; OIPC, 2003; Special Committee to Review the Freedom of Information and Protection of Privacy Act, 1999; Special Committee to Review the Freedom of Information and

1_{I have also learned lessons “in the field.” While I was employed as a transition house support worker (from} 1991 to 1996), I became aware of information and privacy issues, particularly how individuals who attempt to access their information often encounter difficulties, such as government workers not returning their phone calls and records released to them which had information blanked out. Although unaware of it at the time, I was developing an understanding of the social organization of knowledge.

(15)

4

Protection of Privacy Act, 2004). Through hundreds of conversations with applicants, other information and privacy analysts, program managers, and portfolio officers of the OIPC, I have come to believe that many more applicants than those who make complaints and appeals are dissatisfied with the way their requests are processed. For applicants, the key issues are the time delays in receiving requests, and the perception that government has inappropriately withheld some or all of the requested information (OIPC, 2002; OIPC, 2003; Special Committee to Review FOIPPA, 1999). For the provincial government, key practice issues are budget cutbacks and dwindling resources to respond to requests, and resulting backlogs of requests (OIPC, 2002; OIPC, 2003; Special Committee to Review FOIPPA, 1999; Special Committee to Review FOIPPA, 2004).

How information and privacy programs are managed alongside government attitudes toward information and privacy perpetuate the above-noted concerns. Administrators at the program and senior management level are mainly interested in gathering information which will help them meet their legal and fiduciary responsibilities. Annual program reviews are focused primarily on the effectiveness and efficiency of the request process and other program objectives. Information and privacy analysts and legal analysts regularly critically scrutinize orders by the Information and Privacy Commissioner for their legal significance and impact on government operations, but do not as a matter of course examine the experience of and impact on applicants.

I suggest that many requests for personal information are related to applicants’ dissatisfaction with the services they receive from public bodies or not being able to participate fully in life-altering decisions concerning themselves. This frustration is compounded by the lack of responsiveness of the access process by public officials.

Relevance of Study

Trends and challenges facing public sector service delivery has become a main topic of research by political scientists (Doern, 1994; Johnson, 2002; Mintzberg, 1996; Wake Carroll & Siegel, 1999). Recent studies by the federal government have focused on client focused service delivery (Bent, Kernaghan & Marson, 1999; Blythe & Marson, 1999); performance improvement (Schmidt & Marson, 2006); innovation (Privy Council Office, 1997); ethics (Canadian Centre for Management Development, 2000); and accountability (Auditor General of Canada and Treasury Board Secretariat, 1998). This research will attend to broader scale political and economic factors, such as the trend toward neo-liberalism and public demands for accountability, as well as micro-sociological aspects of decision making, particularly the use of discretion by those

(16)

5

involved in the processing of requests for personal information. The discretion allowed and the choices made by officials at several levels are examined. An attempt will be made to examine the reasons for such decisions, although they can only be speculated upon, with reference to the larger organizational culture and structure along with societal influences.

The proposed research has both short- and long-term benefits. By examining applicants’ experiences of the process and attempting to give them voice, I will attempt to challenge the “hierarchy of credibility” (Becker, 1967, p. 207) that exists within bureaucracies and between bureaucracies and the public. “Hierarchy of credibility” refers to the idea that knowledge and opinions expressed by the upper echelons of society (in this instance, government officials) are considered more valid than other viewpoints and used to exert control over subordinate groups. Becker observes, “In any system of ranked groups, participants take it as given that members of the highest group have the right to define the way things really are” (p. 207).

Inclusion of applicants’ experiences in the development of policy and procedures concerning the processing of requests is especially important given the current neo-liberal political climate and attempts by Premier Campbell to further limit openness of government and reduce public scrutiny. For example, in 2002 the Provincial government implemented amendments to FOIPPA that extend the legislated response time to thirty working days instead of thirty calendar days and, under Section 5 (how to make a request), add a requirement that the applicant “provide sufficient detail to enable an experienced employee of the public body, with a reasonable effort, to identify the records sought.” An examination of applicants’ experiences will assist with providing support for public accountability: “government will act most appropriately if it knows that it will be scrutinized” (Milsum, 1993, unpaged). In the long-term, the study is intended to heighten public awareness of the process of accessing personal information and to foster more examination of government operations, which will hopefully lead to greater accountability and transparency of practices.

My personal background as a white, middle-class female who has been both "insider" (within government) and "outsider" (as a citizen) to the process studied will strongly influence how I conduct the research, including what I choose to examine, how I examine the information I gather, and the evidence that I choose to offer as support for my arguments. To bridge both worlds, I will need to remember my different roles and locations, consider administrative as well as research ethics, and be reflexive (Giddens, 1984). Government policy analysts typically use positivist research approaches, such as statistical methods and “objective” analyses of factual data. They would not usually examine the effectiveness of operations through seeking to

(17)

6

is another reason why the research may have value for stakeholders both internal and external to government.

Summary of the Relevance of the Study

Accessing one’s own personal information is meant to be an empowering experience, and an important method to hold decision makers accountable. Unfortunately, the access process is fraught with barriers and challenges that limit access and, ultimately, prevent citizen participation in governance and attainment of their democratic rights. Governments’ interpretations of its legal responsibilities under FOIPPA and its unwillingness to assist applicants ultimately reflect negative and undemocratic attitudes toward openness, accountability, fairness and democracy. Decisions concerning service delivery and the access process itself cannot be scrutinized if those who receive the services are fewer and fewer in number and their voices are remain unheard and are actively silenced through the control orientation of government. Only minute segments of the population have the necessary awareness of their access rights and sufficient resources in terms of time and money to endure months of waiting and truly exercise their legal right of access to information.

Assumptions of the Research

I have made many assumptions regarding knowledge, access to information, bureaucracy and change. The following assumptions will guide the research, upon which I will elaborate further in the thesis:

Regarding knowledge and information • Knowledge is a form of power.

• Each person is an expert concerning his/her own life.

• Systemic hierarchies of oppression (race, class, gender) influence what knowledge and information is valued; who creates and has access to the most important forms of knowledge; and how knowledge is used and managed to perpetuate oppression.

Regarding the research topic

• All people should be able to participate fully and effectively in decisions made concerning them.

(18)

7

• Freedom of association and, by inference, freedom of information are fundamental rights, as guaranteed under the Canadian Charter of Rights and Freedoms, and necessary for a democratic society.

• All people should be able to obtain their personal information from government and know what information government possesses about them.

• Each person should be able to access information that enables him/her to make fully informed choices concerning his/her life and participate in public decision-making. • Access to information is a crucial way for the populace to become empowered and hold government accountable.

• Every person should be able to obtain his/her personal information without making an access request under FOIPPA unless the requested information contains the personal information of third parties or one of the other exceptions to disclosure under FOIPPA applies.

• Each person should be assisted by public officials (including information and privacy analysts, teachers, social workers, medical professionals), as and when necessary, to obtain access to their personal information and other information necessary to a full determination of their access rights.

• The Fair Information Practices (OECD, 1980) on which FOIPPA is based are indeed fair.

Regarding government and information

• The traditional purpose of government is to make and enforce rules that are fair and to act in the public good: “The public sector is about democracy and the public good, the collective interest and the peaceful enjoyment of life. (. . . ) An effective government maintains a singular focus on the welfare of citizens (. . . )” (Cochrane, 2004, unpaged).

• Government is acting less and less in the public good and as a service provider and more as a broker of services.

• Government is the main repository of information in society.

• Traditionally, government has considered all information in its possession – including citizens’ personal information – as its own. The information is not to be disclosed unless it is proven that no harm will come from its disclosure.

• By controlling the flow of information (for example, by top-down, one-way communication; levels of access within and external to government), government maintains control over its operations and the populace.

(19)

8

Regarding change and governance

• Governments are protective of the “status quo” and generally resistant to change.

• Governments are focused on effective, cost-efficient service delivery, and more amenable to change to these ends.

• Current structures and cultures will need to be changed to encourage access to personal information and to reduce barriers to access.

• Change toward access to information and supportive government processes, policy, and cultures and structures can be created through collaborative work with those affected (stakeholders). Measures to increase citizen involvement, community capacity and quality of life can be built in to administrative policies and procedures.

Regarding change

• Change is normal – “the only thing constant is change.”

• Change can offer opportunities, rather than be something to always avoid and resist.

• Change is political – someone gains from the way things are, someone does not. Those who control the decision-making process may not want to give up their power.

• Power dynamics highly influence who creates change, what is done and how it is done. • Change is necessary – often what is defined as a “personal problem” is really a “public issue.” Sharing power with those affected by decisions is necessary to develop effective solutions to social and individual problems, and participatory decision-making.

• Planned change is participatory, collaborative, democratic and iterative.

(20)

9

CHAPTER II: THE ACCESS PROCESS AND THE ORGANIZATIONAL CONTEXT I will briefly recount the history and purpose of the Freedom of Information and Protection of Privacy Act (FOIPPA) of British Columbia. I will then describe the process by which one accesses one’s own personal information. This will be followed by a description of the

organizational context and current trends in government. Global, national and provincial political and economic factors that also influence the topic under discussion will be discussed in remaining chapters.

A Short History of the Access to Information Process in British Columbia

The New Democratic Party (NDP) in the province of British Columbia was elected in 1992 on a platform that it would introduce legislation similar to that already in place in other Canadian provinces to protect personal privacy and provide access to government information (Levine, 1993). The provincial NDP has ideological roots close to those of its federal counterpart, including commitment to “the application of democratic socialist principles to government and the administration of public affairs” and “the belief that the dignity, freedom and equality of the individual is a basic right that must be maintained and extended” (NDP, 2001).

The initial drafting of the new information and privacy law, known as Bill 50, involved consultation with many stakeholders, including the Freedom of Information and Privacy Association of BC, which represents many public interest groups; the British Columbia Civil Liberties Association; business, media, labour and concerned citizens (Ministry of Attorney General, 1992, p. 2). Heralded as “the best legislation of its kind in Canada” (Ministry of Attorney General, 1992, p. 2), the legislation balanced the right of access with the protection of personal privacy. The explicit purposes of the legislation “are to make public bodies more accountable to the public and to protect personal privacy” (section 2[1]). The legislation was modeled on similar legislation previously enacted by the Province of Ontario in 1990 (Levine, 1993).

At the time it was drafted the legislation pertained to “all government Ministries and over 200 Provincial government corporations, boards, commissions and agencies” (Ministry of Attorney General, 1992, p. 2). The coverage of the legislation was soon extended to “municipalities and other local government agencies; local boards such as police, school and hospital boards; colleges and universities; and self-governing professional bodies” (Ministry of Attorney General, 1992, p. 2). The Freedom of Information and Protection of Privacy Act of British Columbia (FOIPPA)

(21)

10

was proclaimed in October, 1993.

The Provincial government highlighted many virtues in a report on the legislation soon after the Bill 50 passed third reading on June 23, 1992:

Special features that have received favourable comment include

• the strong statement of information rights and the duty of government to assist applicants requesting records;

• the powers given to British Columbia’s Information and Privacy Commissioner to ensure that government meets its responsibilities under the legislation,

particularly the Commissioner’s power to order cessation of inappropriate personal information practices;

• the publication of a public records index which will list those government records which are available without a request for access under the Act; • the conversion of class tested exceptions found in other information and privacy legislation into harm tested exceptions (e.g., harm must be demonstrated before information can be withheld);

• the assignment of time limits on exceptions;

• a strong and usable public interest override which applies to all exceptions and can be used even without a request;

• protection against the use of personal information for mailing lists or solicitations by telephone and other means;

• a 30 day time limit on extensions for responding to requests unless a longer period is approved by the Commissioner;

• a 90 day time limit on the length of time the Commissioner may take to review a decision by the head of a public body; and

• the Act’s plain language. (Ministry of Attorney General, 1992, p. 2)

The specific features of the legislation are important to consider when examining existing barriers and strengths of the access process. Chapter III (Legislation) will offer a comparative analysis of Provincial legislation as well as a review of legislation of selected countries across the world.

Prior to the implementation of the FOIPPA, the Provincial Office of the Ombudsman issued a public report that examined “the underlying principles governing such access to information as well as the necessary exceptions” (Ombudsman of British Columbia, 1991, p. 1). The principles

(22)

11

were “based on administrative fairness and not political philosophy” (p. 15). Denial of access to personal information was believed to be justified in certain cases, such as access to medical records, which may involve issues of “consent and competence” (p. 15); “personal information contained in police or other investigative files” (p. 15); and “personal information regarding correctional and security matters” (p. 15).

The Ombudsman made many recommendations that became part of the provisions of

FOIPPA, including the three situations involving exceptions to disclosure described above. Two recommendations that were not included in the legislation are progressive even by today’s standards. The Ombudsman suggests that fees should not apply if records are not located. Under FOIPPA applicants seeking general information are required to pay a fee if the cost, which applies to search and retrieval of the record, photocopying and mailing, is above fifty dollars. In practical terms, this means that a search of several hours that produces only one responsive record may still result in a charge for the applicant, sometimes over a hundred dollars. The Ombudsman also recommends that the principle of access should be instituted at a fundamental stage in information management: the design of forms. He remarks that, “Government forms should be designed with severability in mind. For example, where portions of a record are exempt from disclosure, there should be provision from the provider of the information to attach that material as appendices” (p. 15). This principle is one that I heard discussed only a handful of times in my former workplaces. The design of forms and databases to store personal information and the development of security measures to control threats to data security and personal privacy have become much more important issues in public and private sector agencies since the terrorist attacks of September 11, 2001 in the United States and the recent implementation of Federal and Provincial private sector privacy legislation.

Similar to legislation of other provinces, FOIPPA is divided into several parts. Part 1 (Introductory provisions) covers definitions of terms used in the legislation and the purpose and scope of the act. Part 2 (Freedom of Information) refers to access rights, exceptions to disclosure, third party notification and disclosure in the public interest. Part 3 (Protection of Privacy) covers collection, protection and retention of personal information, and the use and disclosure of personal information. Part 4 (Office and Powers of Information and Privacy Commissioner) concerns the hiring, role and duties of the Information and Privacy Commissioner and his staff, as well as protection from libel or slander. Part 5 (Reviews and Complaints) covers reviews by the Commissioner and investigations and reviews by an Adjudicator appointed by the Commissioner. Part 6 (General Provisions) focuses on a plethora of concerns not mentioned in prior sections, including delegation by the head of a public body; the requirement of an annual report by the

(23)

12

minister responsible for the act; offences and penalties; privacy protection offences; additional powers of the information and privacy commissioner; and the relationship of the act to other acts. The research will examine mainly the provisions of Part 2 but will also refer to Parts 4, 5 and 6 with regard to offering recommendations for improvements. Further mention of the provisions of the legislation will be made in Chapter III.

Requests and Appeals

In the initial years of the legislation the number of personal and general requests for records under FOIPPA steadily increased. The categories of applicants included individual citizens, the media, political parties, public interest groups and researchers. Individuals by far remain the most frequent requestor of information under the Act. Many statistics and other observations regarding the access process will be provided later in this chapter and throughout the thesis.

According to the Office of the Information and Privacy Commissioner’s 2002-2003 annual report, “The number of requests for review and complaints filed with the Office of the

Information and Privacy Commissioner has risen from less than 300 in 1993 to almost 1,100 in 2003” (p. 1). In the fiscal years 2001-2002 and 2002-2003, the OIPC mediated approximately ninety percent of requests for review (OIPC, 2002; OIPC, 2003). Requests for review can be made for several reasons, including on the grounds of partial access (53 %), deemed refusal (17 %), denied access (11 %) and duty to assist (4 %) (OIPC, 2003). In 2002-2003, eighty percent of the requests for review were from individuals seeking access to personal information (OIPC, 2003).

As will be detailed in the analysis of the research data, most access requests made to the Provincial government are for personal information. In actuality only a small percentage of applicants seek a review of the government’s decision concerning access. The government’s statistics also do not identify the percentages of requests for personal information that result in a review versus the percentage of requests for non-personal information. As previously mentioned, the statistics may mask the public’s actual satisfaction level with the request process, and that many people still are unaware that they may use the legislation to obtain their personal

information and that they can appeal if they are not satisfied with the response that they receive. Current Challenges

The process of creating an infrastructure to support key information and privacy activities, such as policy development, request processing and compliance, continues to be done within a global economic recession and governmental environment of fiscal conservativism. In 1997 the

(24)

13

budget for the information and privacy function (policy and programs) was twenty-one million dollars (Tromp, 2000). In 1997-1998 fiscal cutbacks to information and privacy programs across government in response to the then provincial budget deficit and attacks by the media and B. C. political (Liberal and Reform) parties left many programs with approximately half their former operating budget (Tromp, 2000). In 1998 the Campaign for Open Government, spearheaded by the Freedom of Information and Privacy Association of British Columbia, took out newspaper advertisements and lobbied support for open government (Tromp, 2000).

Following criticisms by the public concerning backlogs of requests and wait times exceeding the legislated time frames (Special Committee to Review the Act, 1999; OIPC, 1999), at the request of the Information and Privacy Commissioner the two ministries that received the most requests, in terms of the number of requests for personal information and the largest number of requests overall, engaged in concerted efforts toward the hiring of extra staff and reduction of the backlogs (OIPC, 2000). David Loukidelis, then and currently the Information and Privacy Commissioner, specifically noted the guidance of a “change champion,” Sharon Manson Singer, who served separate terms as Deputy Minister of both ministries:

Two ministries that have struggled the longest with chronic backlogs have recently, at my urging, managed to re-allocate resources to address the problem. The former Deputy Minister of the Ministry of Social Development and Economic Security, Sharon Manson-Singer, laudably committed added resources to deal with the problems. The present Deputy Minister, Mike Corbeil, has continued those welcome steps to address the backlog. There is now only a two month backlog for requests for personal information and I will continue to monitor the progress in eliminating the backlog altogether. Backlog delays also plague the Ministry for Children and Families, which has for many years struggled with the Act’s timelines. The current Deputy Minister, Sharon Manson-Singer, is again to be applauded for her recent direction that resources are to be re-allocated to deal with the backlog. It remains to be seen how quickly these Ministries will be able to comply with the Act, but I am encouraged by the commitment of resources and will watch the situation closely. (OIPC, 2000, p. 8)

After the election of the current Liberal government in 2001, government-wide restructuring resulted in further downsizing of information and privacy programs and the OIPC. The OIPC, not surprisingly given the benefits to the government of less oversight, was dealt a thirty-five percent budget cut between March, 2002 and March, 2005 (OIPC, 2004).

(25)

14

The Canadian Centre for Policy Alternatives (2006) observes that the Province of British Columbia “ranks fifth of eight provinces in funding per $1000 of Provincial revenue” (p. 1) for the Office of the Information and Privacy Commissioner and sixth with regard to per capita funding. British Columbia has “almost six times the caseload of Alberta, which has similar legislation, but only 83 per cent of Alberta’s budget” (Lavoie, 2003, p. A4). As well, British Columbia has “a five per cent greater workload than Ontario, but only 32 percent of Ontario’s budget” (Lavoie, 2003, p. A4).

The annual reports produced by the OIPC and comments by the Commissioner to the media highlight his concerns regarding a shrinking budget and the potential for loss of accountability. In his 2003-2004 annual report, the Commissioner noted public concerns about delays (“our clients have told us we are often not responding in as timely a way as we used to”) (p. 8), and his concern that important functions were not being done by his staff (“Nor did we find enough time on the side to do as much of the pro-active policy and education work that is indispensable to good public policy and public body compliance with the law”) (p. 8). Echoing sentiments expressed by Murray Rankin, a founder of the legislation and lawyer, and Darrell Evans, Executive Director of the Freedom of Information and Privacy Association of British Columbia (Kines, 2005), Loukidelis stressed the need for his office to retain its ability to fulfill its mandate: There is a very important public interest involved here around accountability and

transparency. When we see all this talk about the democratic deficit, and ensuring greater transparency and accountability, I think that all levels of government have to continually ensure that these legal obligations are respected.” (Cribb, Vallance- Jones & Fowlie, 2005, P. C1)

Accessing Personal Information

A diagram of the request process is noted in Figure 1, Appendix A (“Process Map for Formal Requests for Records to the Provincial Government of British Columbia”). To make a request for one’s own personal information,2_{one must submit a request in writing or a completed “Access to}

Records” form to the public body that one believes holds the requested records.3 Applicants must provide details of the records, including subject or type of record, such as an adoption file,

2_{Requests for non-personal information are known as “general requests.” A typical example is a request made}

by the media for expense accounts of high ranking public officials.

(26)

15

probation records or counsellor’s notes, and a date range. Applicants must also provide contact information (name, mailing address, telephone number). From the receipt of the request, public bodies have thirty working days to respond. The intake officer or information and privacy analyst assigned to the file must make several important decisions, including whether the request is understandable and whether clarification is necessary, whether the records can be provided through routine channels, and whether the applicant is entitled to have access to the records requested. After forwarding an acknowledgment letter to the applicant, along with a request for clarification if necessary, the analyst then determines which offices might have the records in question and asks them to forward relevant records. If records responsive to the request do not exist, the records have not been located, or the records have been destroyed, the analyst then notifies the applicant of the disposition of the records. If records responsive to the request are located, the analyst reviews the records for exceptions to disclosure under FOIPPA. Of the eleven exceptions to disclosure, Section 22 (disclosure harmful to personal privacy) is most frequently applied. The analyst then prepares the records for photocopying, has the records copied (which may be done either by the analyst or by administrative support staff), and forwards a release package with a response letter and the records to the applicant. The applicant may be granted full or partial access, or denied access to the records in their entirety.

The onus is on the public body to assist as the applicant will not necessarily know what records to request and what information the government possesses. Under section 6(1) (duty to assist) of FOIPPA, the public body “must make every reasonable effort to assist applicants and to respond without delay to each applicant openly, accurately and completely.” For some exceptions to disclosure, decisions concerning access are made after an assessment of whether harm could result from the disclosure of the information contained in the records, as for example, the disclosure might violate the personal privacy of third parties or jeopardize personal or public safety. If not satisfied with the response received, the applicant can then submit a request for review to the Office of the Information and Privacy Commissioner (OIPC).

These steps in the access process are detailed in Provincial government’s policy and procedures manual concerning the Act. Individual information and privacy programs have also developed their own internal procedures to respond to requests. Changes in the access process do result from time to time in response to directives issued by the Information

Management/Information Technology Privacy and Legislation Branch and the Office of the Information and Privacy Commissioner.

(27)

16

Summary

Information and privacy analysts possess much discretion with regard to how they process requests. However, limited resources, staff shortages and administrative priorities to quickly close files and prevent complaints and requests for review to the Office of the Information and Privacy Commissioner undermine the ability of analysts to be flexible and generous with how requests are answered. Citizens’ rights to access their personal information are thus abrogated.

Many other factors hinder the public’s ability to access personal information. These include the fact that applicants are often unaware of what information they are entitled to ask for, what information is held by the government and how to go about making a request; there are few required communications between analysts and applicants; and that the government is not legally required to work with applicants to produce a request that can be answered with records.

Additionally, the government does not actively encourage the public’s right to access their own personal information or publicize the process of accessing personal information.

Organizational Context

In this section I will position the information and privacy function within the bureaucracy, including documenting important lines of authority and flow of communication. I will then examine the role and responsibilities of information and privacy programs, followed by a brief description of external stakeholders and their influence over the access process.

Information and Privacy in the Bureaucracy

The organizational structure of the Provincial government of British Columbia includes nineteen ministries, six central agencies and eleven Crown corporations. At the top of the hierarchy are the Office of the Premier, Cabinet, the Public Affairs Bureau, the Treasury Board (now part of the Ministry of Finance) and several other central agencies. The Premier and Cabinet are elected to office, while the Executive Committee for each ministry or public body (Deputy Minister and Assistant Deputy Ministers, or equivalent) is appointed.

Along with human resources, financial services, information systems, policy and planning and others, information and privacy is a central function to government. The main offices that are responsible for information and privacy are the Office of the Information and Privacy

Commissioner; the Information Management/Information Technology Privacy and Legislation Branch of the Office of the Chief Information Officer, Ministry of Labour and Citizens’ Services;

(28)

17

and information and privacy programs throughout government. I will briefly examine the

responsibilities of each office in turn.

Office of the Information and Privacy Commissioner

Although its budget and mandate are approved by the Premier, the Office of the Information and Privacy Commissioner is considered an independent provincial government body, as are the Ombudsman and the Auditor General. The Information and Privacy Commissioner has the powers equal to a judge and is responsible for oversight of the act. He and his staff investigate complaints and requests for review and make binding decisions. He also acts in an advisory capacity, gives public education and conducts program audits and makes recommendations. Information Management/Information Technology Privacy and Legislation Branch All information and privacy policy, standards and directives pertaining to FOIPPA are developed by staff of the Information Management/Information Technology Privacy and Legislation Branch (IMITPLB) of the Office of the Chief Information Officer. IMITPLB has similar responsibilities for the Electronic Transactions Act and the Personal Information Protection Act.

Corporate Information Management Branch

The Corporate Information Management Branch of the Office of the Chief Information Officer is responsible for the management of all recorded information. Among its several functions, the branch directs all records management activities and creates records management policy and procedures, including the Administrative Records Classification System (ARCS) and Operational Records Classification Systems (ORCS), which are specific to each public body. The branch is responsible for the administration of the Document Disposal Act.

Information and Privacy Programs

The manager and staff of the information and privacy programs ensure that each public body covered by FOIPPA meets its responsibilities under the legislation. A program may serve one or more ministries and its associated public bodies. For example, the Ministry of Children and Family Development’s program is responsible for the records of the ministry and of Office of the Representative for Children and Youth. Some non-ministry offices, such as the British Columbia Human Rights Tribunal and the British Columbia Public Service Agency, have their own information and privacy programs.

(29)

18

The head of each program, either a Manager or Director depending on the size of the staff contingent, reports to the head of the branch within which the program is located. Typically, the Manager/Director reports to the Assistant Deputy Minister for the branch, who in turn reports to the Deputy Minister.

Role and Responsibilities of Information and Privacy Programs

For the sake of expediency, in my thesis research I focused on the work done by one

information and privacy program, the Privacy, Information and Records Section (PIRS). PIRS provides services to the Ministry of Attorney General and the Ministry of Solicitor General. Goals and objectives

PIRS is responsible under FOIPPA for "the overall management and coordination of the (ministries') activities" and "ensuring consistency in the application of the Freedom of

Information and Protection of Privacy Act" (Ministry of Attorney General, 1999, p. 4). The three principal operational objectives are policy development, compliance monitoring and presentation of corporate position; processing requests; and advice, training and coordination (Ministry of Attorney General, 1999).

Activities

To fulfill its responsibilities, PIRS is involved in several activities, including "reviewing Ministry legislation, policies and procedures for compliance with the Act; processing centralized branch, cross-ministry and cross-government requests, and other requests as needed for other branches and agencies; and representing the Ministry with respect to these requests in responding to reviews and inquiries conducted by the Office of the Information and Privacy Commissioner" (Ministry of Attorney General, 1999; p. 4). Integral to the success of the program is efficient and effective project management.

Processing formal requests made under the FOIPPA is the main program activity. The program processes requests for information from various applicants (including the media,

political parties and business) in accordance with FOIPPA. Each information and privacy analyst is responsible for managing a case load of requests. PIRS receives funding from the provincial Treasury Board for analyst positions on the basis of approximately one hundred requests assigned to each analyst per year.

The Ministry of Attorney General (MAG) and the Ministry of Public Safety and Solicitor General (MPSSG) are expected to be standard setters among provincial public bodies with regard

(30)

19

to implementing policies and procedures concerning information and privacy. MAG and MPSSG are the authorities for determining whether to apply sections 14 (solicitor client privilege) and 15 (disclosure harmful to law enforcement) of FOIPPA. Likewise, all public bodies must consult with the Office of the Premier when considering whether to except information from disclosure under section 13 (cabinet confidences), and with the Ministry for Children and Family

Development for section 22 (disclosure harmful to personal privacy). Reporting requirements

PIRS has implemented various reporting procedures and performance measures to ensure that the program manager and internal4 stakeholders possess information required to support decision-making and accountability. The many requirements are detailed in Figure 2, Appendix B

(Information Requirements Related to the Operation of Information and Privacy Programs). Data concerning the performance of PIRS is collected by the program; the Information Management/Information Technology Privacy and Legislation Branch (IMITPLB); and the Office of the Information and Privacy Commissioner (OIPC). The most detailed reports are forwarded each week to senior executive for briefing. Internal and external stakeholders use information from PIRS' annual report and the OIPC's annual report to compare the performance of PIRS with that of other public bodies.

Despite the time and resources devoted to documenting and reporting program activities, much corporate knowledge remains unrecorded. A main example is that, due to the high turnover of staff within most of the information and privacy programs, “best practices” are not shared and lower level staff not given adequate training. Additionally, the reporting system provides an opportunity for feedback from and accountability to internal stakeholders, however, not enough attention has been paid to performance as related to the satisfaction levels of the public,

particularly applicants. As external clients' views on the program are not known, it is difficult to identify what changes, if any, should be made to improve the reporting system and the program's services.

The influence of the bureaucratic hierarchy

As part of a traditional bureaucratic structure, program operations are characterized by decision-making centralized with senior executive of the ministries, a "top-down" flow of communication, and formal lines of power and authority. All decisions regarding the

4_{For the purpose of this research, "internal" will refer to aspects of the ministries served by PIRS and the}

(31)

20

development and delivery of programs and services, including determining project and budget priorities for the fiscal year, are made by the Manager, and approved by two higher levels of authority, the Executive Director of the Finance and Administration Division, and the Assistant Deputy Minister, Management Services. The Deputy Solicitor General and Deputy Attorney General review and sign-off on "sensitive"5_{requests. Senior executive must be informed of any}

information which, if released, could be embarrassing to the Ministries or jeopardize relationships with non-governmental organizations and other public bodies, such as the Legal Services Society and municipal police forces.

PIRS operations are strongly influenced by the needs of senior executive and heads of important and influential programs within the ministries, such as Legal Services, Criminal Justice, Corrections Branches, Corporate Issues6_{and other public bodies (for example, the OIPC}

and the IMITPLB). PIRS has direct authority over ministry policy development and responding to requests, while each branch has authority over the information provided and the offering of recommendations on disclosure.

External Stakeholders

Political parties and politicians

The Premier and Cabinet ministers have the final responsibility for policy decisions and are accountable to the legislature (Langford & Prince, 1998). Control can be exerted by several mechanisms, including "the capacity to reward loyalty" (p. 25) and "control over the legislature's time table and agenda" (p. 25).

Opposition parties are key requesters of information. While in opposition the Liberal party in British Columbia was a frequent requester of documents pertaining to high profile issues. However, at the time of the Liberal government’s election in 2001, the NDP party won only two of the seventy-nine available seats in the legislature. As the Liberal government did not grant it opposition status, the NDP party lost important funds for research and policy development, part

5_{“Sensitive" requests can be deemed as such for several reasons: the nature of the material requested; the type}

of requester; and/or the content of the material to be released. In the author's experience, senior executive exercise much discretionary power regarding signing-off on sensitive requests. The sign-off process may involve consultations with several stake-holders, and may entail much examination and revision of the recommended response before it is approved for release to the applicant.

6_{During the time period of the research, government communications branches such as Corporate Issues}

vetted access requests and other information that were going to be released to the media and used for other public purposes. The communications branches are now part of the Public Affairs Bureau, a central agency, which reports to the Office of the Premier.

Accessing personal information under the Freedom of Information and Protection of Privacy Act of British Columbia.

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

OF BRITISH COLUMBIA

by

Carol Elliott

B.S.W., University of Victoria, 1987

B.A., University of Victoria, 1988

A Thesis Submitted in Partial Fulfillment

of the Requirements for the Degree of

MASTER OF ARTS

In the Studies in Policy and Practice Program

Faculty of Human and Social Development

 Carol Elliott, 2008

University of Victoria

All rights reserved. This thesis may not be reproduced in whole or in part, by photocopy

or other means, without the permission of the author.

ii

Supervisory Committee

ACCESSING PERSONAL INFORMATION UNDER THE

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

OF BRITISH COLUMBIA

by

Carol Elliott

B.S.W., University of Victoria, 1987

B.A., University of Victoria, 1988

Supervisory Committee

iii

Abstract

Supervisory Committee

iv

v

Table of Contents

vi

vii

viii

ix

List of Tables

x

List of Figures

xi

Acknowledgments

CHAPTER I: INTRODUCTION

Introduction

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20